name: Enhanced CI/CD Pipeline

# Triggers: every push and pull request targeting the two long-lived
# branches, plus one scheduled run per day.
on:  # yamllint disable-line rule:truthy
  push:
    branches:
      - main
      - develop
  pull_request:
    branches:
      - main
      - develop
  schedule:
    # Daily at 02:00 (UTC)
    - cron: '0 2 * * *'

# Workflow-wide environment variables
env:
  # Quoted so YAML keeps it a string; an unquoted 3.10 would become the float 3.1
  PYTHON_VERSION: '3.11'
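# Job definitions.
# Every job declares an explicit `permissions` block so the GITHUB_TOKEN is
# scoped to what that job actually needs (read-only everywhere except the
# job that opens a pull request). Third-party actions are referenced by
# major-version tag; tags are mutable, so pinning to a full commit SHA is the
# stricter supply-chain option if the project wants it.
jobs:
  # Code quality: pre-commit hooks plus the project's own quality report
  quality:
    name: Code Quality
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0  # full history instead of a shallow clone

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: ${{ env.PYTHON_VERSION }}

      - name: Cache pip dependencies
        uses: actions/cache@v3
        with:
          path: ~/.cache/pip
          key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt', '**/pyproject.toml') }}
          restore-keys: |
            ${{ runner.os }}-pip-

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt
          pip install pre-commit

      - name: Cache pre-commit
        uses: actions/cache@v3
        with:
          path: ~/.cache/pre-commit
          key: ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
          restore-keys: |
            ${{ runner.os }}-pre-commit-

      - name: Run pre-commit
        run: |
          pre-commit install
          pre-commit run --all-files

      - name: Run enhanced code quality checks
        run: |
          python scripts/code_quality_enhanced.py --report

      - name: Upload quality report
        uses: actions/upload-artifact@v3
        if: always()  # keep the report even when an earlier step failed
        with:
          name: quality-report
          path: reports/
          retention-days: 30

  # Unit tests across an OS x Python-version matrix
  test:
    name: Unit Tests
    runs-on: ${{ matrix.os }}
    permissions:
      contents: read
    strategy:
      matrix:
        os: [ubuntu-latest, windows-latest, macos-latest]
        # Quoted so '3.10' stays a string rather than the float 3.1
        python-version: ['3.9', '3.10', '3.11', '3.12']
        exclude:
          # Drop a few combinations to keep total build time down
          - os: windows-latest
            python-version: '3.9'
          - os: macos-latest
            python-version: '3.9'
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v4
        with:
          python-version: ${{ matrix.python-version }}

      - name: Cache pip dependencies
        uses: actions/cache@v3
        with:
          path: ~/.cache/pip
          key: ${{ runner.os }}-${{ matrix.python-version }}-pip-${{ hashFiles('**/requirements.txt') }}
          restore-keys: |
            ${{ runner.os }}-${{ matrix.python-version }}-pip-

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt
          pip install pytest pytest-cov pytest-xdist

      - name: Run tests with coverage
        run: |
          pytest tests/ \
            --cov=. \
            --cov-report=xml \
            --cov-report=html \
            --cov-report=term-missing \
            --junitxml=pytest-results.xml \
            -v

      - name: Run health check
        run: |
          python scripts/health_check.py

      # Coverage is uploaded from a single matrix cell only, to avoid
      # duplicate reports for the same commit.
      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v3
        if: matrix.os == 'ubuntu-latest' && matrix.python-version == '3.11'
        with:
          file: ./coverage.xml
          flags: unittests
          name: codecov-umbrella
          fail_ci_if_error: false  # an upload failure does not fail the build

      - name: Upload test results
        uses: actions/upload-artifact@v3
        if: always()
        with:
          name: test-results-${{ matrix.os }}-${{ matrix.python-version }}
          path: |
            pytest-results.xml
            htmlcov/
          retention-days: 30

  # Static analysis of the source tree and vulnerability audit of dependencies
  security:
    name: Security Scan
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: ${{ env.PYTHON_VERSION }}

      - name: Install security tools
        run: |
          python -m pip install --upgrade pip
          pip install bandit safety pip-audit

      # Each scanner runs twice: first writing a machine-readable report with
      # `|| true` so the report file exists regardless of findings, then in
      # human-readable form whose exit status decides the job result.
      - name: Run Bandit security scan
        run: |
          bandit -r . -f json -o bandit-report.json || true
          bandit -r . -f txt

      # The project's own dependencies are never installed in this job, so
      # auditing the environment would only cover the scanners themselves.
      # Point both auditors at the pinned requirements file instead.
      - name: Run Safety check
        run: |
          safety check -r requirements.txt --json --output safety-report.json || true
          safety check -r requirements.txt

      - name: Run pip-audit
        run: |
          pip-audit -r requirements.txt --format=json --output=pip-audit-report.json || true
          pip-audit -r requirements.txt

      - name: Upload security reports
        uses: actions/upload-artifact@v3
        if: always()
        with:
          name: security-reports
          path: |
            bandit-report.json
            safety-report.json
            pip-audit-report.json
          retention-days: 30

  # Scheduled dependency refresh; changes land via a pull request, never a
  # direct push to a protected branch.
  dependency-update:
    name: Dependency Update
    runs-on: ubuntu-latest
    if: github.event_name == 'schedule'
    # The only job that needs write access: it pushes a branch and opens a PR.
    permissions:
      contents: write
      pull-requests: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          # Use the shared, quoted version rather than a bare float literal
          python-version: ${{ env.PYTHON_VERSION }}

      - name: Check for dependency updates
        run: |
          python -m pip install --upgrade pip
          pip install pip-tools
          pip-compile --upgrade pyproject.toml

      - name: Create Pull Request
        uses: peter-evans/create-pull-request@v5
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          commit-message: 'chore: update dependencies'
          title: 'Automated dependency update'
          body: 'This PR updates project dependencies to their latest versions.'
          branch: 'automated-dependency-update'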